How much is libbitcoin (the Bitcoin core implementation of Dark Wallet, as I understand so far) compatible with "Bitcoin Core", the reference implementation of the Bitcoin protocol?

As I understood, central servers are necessary, like the Electrum central servers. Are they Open Source software? Where can I find this implementation? Until now the client is Open Source, but is the server code also available?

Is there a central server involved in your implementation? I'm not trying to spread FUD, it's just there is conflicting information out there on the net. What you describe here sounds like it is p2p. Where are the announce messages posted?

The clients meet in a lobby, which right now is the gateway they connect to for other services. This works as an IRC room. We're not making security assumptions there, and the clients encrypt for the channel (useless for a public announcement channel like this case) and then for the peer (using curve25519 dh).

What there is not is a pool, all mixing is coinjoin and the funds would never leave the client till signed together with someone.

Clients are sharing public keys and will engage in private communications after the initial announce, for now always through the "chat". Nothing is cleartext and the server has no role other than to work as a broadcast medium with channel selection.

The gateway servers are now isolated, but the plan is to soon have them federate over a tuple space (probably through python entangled), so anyone can join through the tuple space instead of the websocket channel.

The clients can later choose other transports, as our protocol is purely logical.

About how compatible it is, I can't really answer myself, just that it should be following the bitcoin protocol and we don't have any "proprietary" extensions or anything like that. Of course it's going to need heavy testing, auditing etc. and we are open to and welcome anyone that helps on that.

About servers, yes, the model is similar to Electrum. Since the server is open source you can install it on your server, and in the future there is nothing to stop you from just running it, or some parts of it, on your laptop, i.e. we have no long-running assumption that everyone *has to be connected to our lobby or to a server*.

We're soon releasing more installers and howtos about server configuration or autonomous config by installing everything (or some part) on your computer.

So the clients, after having chosen a common place to announce, in our case our gateway lobby:

0. Some are listening for offers.
1. Send announcements to start a join (now looking for a peer, but could look for more), with a pubkey (now it's using the same one, but can be one per-announcement and will be).
2. Other peers answer over ecdh, they will both offer inputs and outputs, sign and broadcast over the private encrypted channel.

We believe the base we have can now have more hardened approaches tested, we provide a framework. This is a medium where we can do cryptographers dinner, or dissent protocols. This is just the beginning but it's a minimum that should work for getting the whole thing running.

Our goal now is to apply the minimum necessary improvements, so on release this will also be making some claims about privacy. It's not making them right now, we're just offering information about where we are, so together with you people we can make it best.

We also invite others to join forces and implement their techniques on our platform.
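The signing rule described in the post above (no pool; funds stay in the client until the joint transaction is signed together), as an added example that is not Dark Wallet's code. It is a toy model: HMAC-SHA256 stands in for a real Bitcoin signature over the whole transaction, and the peer names, coin ids and addresses are constructed.

```python
import hashlib
import hmac
import json

def tx_digest(inputs, outputs):
    """Digest each signer commits to: every input and every output of the joint tx."""
    body = json.dumps({"in": sorted(inputs), "out": sorted(outputs)})
    return hashlib.sha256(body.encode()).digest()

class Peer:
    def __init__(self, name, coin, value, dest):
        self.key = hashlib.sha256(name.encode()).digest()  # constructed demo key
        self.coin, self.value, self.dest = coin, value, dest

    def offer(self):
        """What a peer sends over the private channel: one input, one output."""
        return (self.coin, self.value), (self.dest, self.value)

    def sign(self, inputs, outputs):
        """Sign only if our coin is spent AND our own output is paid in full."""
        if (self.coin, self.value) not in inputs:
            return None
        if (self.dest, self.value) not in outputs:
            return None
        if sum(v for _, v in outputs) > sum(v for _, v in inputs):
            return None
        # Stand-in for a signature covering the full transaction.
        return hmac.new(self.key, tx_digest(inputs, outputs), hashlib.sha256).digest()

def is_final(inputs, outputs, sigs, keys):
    """Broadcastable only when every input has a valid signature over this exact tx."""
    digest = tx_digest(inputs, outputs)
    for coin, _ in inputs:
        expected = hmac.new(keys[coin], digest, hashlib.sha256).digest()
        sig = sigs.get(coin)
        if sig is None or not hmac.compare_digest(sig, expected):
            return False
    return True

def demo():
    alice = Peer("alice", "coinA", 5, "addrA2")
    bob = Peer("bob", "coinB", 5, "addrB2")
    keys = {p.coin: p.key for p in (alice, bob)}
    ins, outs = (list(x) for x in zip(*(p.offer() for p in (alice, bob))))
    honest = {p.coin: p.sign(ins, outs) for p in (alice, bob)}
    # Constructed tampering: the counterparty swaps Alice's output for its own.
    bad_outs = [("addrB2", 5), ("addrB3", 5)]
    tampered = {p.coin: p.sign(ins, bad_outs) for p in (alice, bob)}
    return (is_final(ins, outs, honest, keys),       # both signed
            is_final(ins, bad_outs, tampered, keys),  # Alice refused to sign
            is_final(ins, bad_outs, honest, keys))    # old signatures do not carry over
```

`demo()` returns one flag per scenario: the honest join finalizes, while the tampered transaction cannot, whether Alice is asked to sign it or her earlier signature is reused.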

@caedes, why not have a peer-to-peer broadcast-flood channel for announcing joint transaction availability? Maybe even reuse one that is already available, well maintained, and has known security properties, like say the bitcoin network itself? And then do direct connections to the follow-on stages?

I'm an independent developer working on bitcoin-core, making my living off community donations. If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP

Yes, as genjix says, we're waiting for a specific proposal of how to approach it. When we designed the system, the idea was that we could use the bitcoin network to overcome some of the adversary problems.

Extremely interesting thread... what struck my eye was the slow validations, which can cause a major clog with transactions when Dark Coin (based off of CoinJoin) gets bigger, right? The more coins transacted, the slower the confirmations, am I right in saying that?

No, not in a meaningful sense. Validation is very cheap. You do run into block size limits if you're trying to transact too much at once, but any privacy system is limited in its privacy by transaction volume.

"Dark Coin" really strikes me as pointless. The whole idea in coinjoin is that coinjoin is already part of the design of Bitcoin. There is no advantage in having a new and different system. If you're going to do something incompatible, losing Bitcoin's network effect in the process, then you can do something much stronger.

It also depresses me somewhat to see people talking about darkcoin (or even zerocoin/zerocash) when bytecoin has a privacy system with much better properties than CoinJoin (it's similar to CJ except you safely join with offline coin holders, and all users are participants), something made possible by the fact that it doesn't have to fit within the existing Bitcoin network, and it's completely practical, reasonably performant and deployed for some time now. But strangely, it's virtually unheard of... Bytecoin's privacy properties are in some sense weaker than zerocoin's— since it's like a supercharged coinjoin— but the cryptography is much stronger and much more efficient, so in practice I'd expect it to have better anonymity just due to it being much more practical (also as evidence to it existing as a deployed system). ... so yea, if you actually are interested in privacy technology in a non-bitcoin system, Bytecoin seems to have pretty much nailed it.

Thanks for introducing me to Bytecoin/CryptoNote. Some solid cryptography being used (in theory) and some great improvements over bitcoin. Unfortunately the fact that there is another coin called bytecoin is very confusing and bytecoin doesn't really have any formal documentation other than this page. Time to do some source code reading!

Yea, the Bytecoin/Bytecoin thing caused me to not notice it for a long time.

The cryptographically interesting Bytecoin has a reasonable whitepaper: https://bytecoin.org/old/whitepaper.pdf Some of the things it does appear to be pointless or ill-advised to me and I would have counseled otherwise— but as far as the privacy aspect goes, the ring signature approach appears top notch. The privacy depends on the decisional DH problem, so perhaps you could argue that its privacy has a slightly weaker cryptographic story than the basic discrete log stuff (computational DH) but in the curve they're using it's believed to be equally strong. In any case, anything that has reduced the privacy question to asking about cryptographic assumptions has gone pretty good.

Sorry for the OT tangent here. Though there may be some good bitcoin-relevant privacy things to mine out of the bytecoin design.

It's hard to believe you're not a major bytecoin holder of some sort? Monero is a fork without the massive premine/instamine/slowmine without release whatever it was of bytecoin, I imagine your opinion about it is the same if they share cryptonote?

I'd like to thank eduffield and the other developers for this critically important evolution in virtual currency. DarkCoin is what bitcoin should have been. Some might call it "Bitcoin 2.0" but would do better by saying: "DarkCoin is digital cash." - Child Harold - February 28, 2014 https://bitcointalk.org/index.php?topic=421615.msg5424980#msg5424980

As hard as it is to believe, people other than me do occasionally have really good ideas. ... (No, I'd only heard about it a couple months ago and looked into it in depth until the last week). I think all these altcoins are horribly ill-advised in their altcoinness. You're in the wrong subforum and thread if you want to talk about cryptocurrency speculation— my interest here is just in the techniques— and I'm not going to credit some random code aping fork for other people's work when talking about them.

(In case anyone had the impression that I thought bytecoin was all love and wonder: the implementation is currently really immature and somewhat buggy— and perhaps not likely to improve if its authors are now getting voted off the island in a fork. The POW is very slow to validate, and seems generally ill-advised to me (see https://download.wpsoftware.net/bitcoin/asic-faq.pdf), the adaptive blocksize stuff seems dangerous and the coin burning excuse for it can't work as expected in the long run since miners can get paid out of band, ... but the privacy design is very good, though even there it's incompatible with pruning (but so is everything else). Of course, all these concerns also apply to forks that just aped the code.)

kinda sad darkcoin isn't implementing ring sigs
masternodes are coinjoin servers where miners must pay tax
i'm interested to understand how that differs to federated darkwallet gateways
still, all power to drk... 4th crypto now

Sharedcoin is a blockchain.info product. You can read about it on their website, but I don't think it was based on any external design, just a mixing service cooked up by one of their engineers.

Darkcoin and darkwallet also have nothing in common either. Despite co-opting the name, darkcoin's darksend doesn't appear to have anything to do with coinjoin. Their description and illustration in their thread shows some sort of centralized mixing service (more akin to sharedcoin), and indeed their distribution mechanism involves a reward for "masternodes" which perform the mixing with these fresh coins. It would be nice if someone from that project could chime in here and explain just what it is trying to accomplish, because the available technical descriptions are scarce and contradictory.

Darkwallet does indeed implement coinjoin, albeit using a centralized matchmaking service to set up the mixes. I have been informed by the developers that this is a temporary mechanism and they are working towards a fully p2p solution. They do not use the blind signing or ring signature mechanisms which are required to scale to more than 2 participants without revealing ownership of outputs.
